Health Care Client ALERT: Update on Stimulus Bill & Changes to HIPAA
The American Recovery and Reinvestment Act, generally known as the "Stimulus Bill," modified portions of the HIPAA Privacy and Security Rules, and imposed new security breach notification requirements with respect to "unsecured protected health information." The changes have varying effective dates, and interim final regulations with respect to these new security breach notification requirements are due out by August 16, 2009. The security breach notification requirements will apply to breaches discovered thirty (30) days or more after the date of publication of these regulations. In the interim, the Department of Health and Human Services issued mandated guidance (which must be updated annually) on the technologies and methodologies to secure health information by rendering information "unusable, unreadable, or undecipherable to unauthorized individuals," which is the triggering threshold for the breach notification requirements. This guidance provides that encryption of electronic information and destruction of hard copy media (such as shredding of paper) will generally meet this threshold. In other words, no breach notification is required as to information rendered "unusable, unreadable, or undecipherable to unauthorized individuals" as provided in the guidance. Again, regulations are due out later this summer which will detail the security breach notification requirements and, perhaps, supplement or update this interim guidance. The FTC issued parallel guidance for persons not governed by HIPAA.
Health care providers and other covered entities should continue their efforts to get ready for compliance with these new mandates in accordance with their effective dates.
Click here to view an alert containing a brief overview of all the Stimulus Bill provisions regarding the HIPAA Privacy and Security Rules and new breach notification rules prepared by our Privacy Practice Team leader Susan Pauley.
Walter Williams
Chase Tower - Sixth Floor
229 West Main Street
Clarksburg, WV 26301
(304) 624-8152
walter.williams@steptoe-johnson.com
This alert is a periodic publication of Steptoe & Johnson PLLC and should not be construed or relied upon as legal advice or legal opinion on any specific facts or circumstances. The content is intended for general information purposes only, and you are urged to consult your own lawyer concerning your own situation and any specific legal questions that you may have. For further information about these contents, please contact Steptoe & Johnson PLLC. Walter Williams of Steptoe & Johnson is the lawyer responsible for the content of this alert.